Vulnerabilities in Apache

91 results
CVE-2019-10070 (EPSS 1.8%): Apache Atlas versions 0.8.3 and 1.1.0 were found vulnerable to Stored Cross-Site Scripting in the search functionality

CVE-2011-2487 (EPSS 1.8%): The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bl

CVE-2018-11772 (EPSS 1.4%): Apache VCL versions 2.1 through 2.5 do not properly validate cookie input when determining what node (if any) was previously selected in the

CVE-2018-11774 (EPSS 1.4%): Apache VCL versions 2.1 through 2.5 do not properly validate form input when adding and removing VMs to and from hosts. The form data is the

CVE-2024-42362 (HIGH, EPSS 1.3%): GHSL-2023-255: HertzBeat Authenticated (user role) RCE via unsafe deserialization in /api/monitors/import

CVE-2019-10099 (EPSS 1.3%): Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypted, even if spark.io.encryption.enabled=true.

CVE-2024-42361 (HIGH, EPSS 1.1%): GHSL-2023-256: HertzBeat Authenticated (guest role) SQL injection in /api/monitor/{monitorId}/metric/{metricFull}

CVE-2020-1929 (EPSS 1.0%): The Apache Beam MongoDB connector in versions 2.10.0 to 2.16.0 has an option to disable SSL trust verification. However this configuration i

CVE-2018-11805 (EPSS 0.9%): In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. With this, ex

CVE-2019-12400 (EPSS 0.8%): In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a s

CVE-2025-58712 (MEDIUM, EPSS 0.2%): Amq: privilege escalation via excessive /etc/passwd permissions